<html><head><meta http-equiv="Content-Type" content="text/html charset=windows-1252"></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;">Are you sure?<div><br></div><div>If I run the check below I’m facing with a different CN in the subject although the verification is ok:</div><div><br></div><div>openssl s_client -showcerts -connect <a href="http://www.paisagenslidar.cnptia.embrapa.br">www.paisagenslidar.cnptia.embrapa.br</a>:443</div><div><br><div><div>Il giorno 28/giu/2016, alle ore 19:38, Daniel Victoria <<a href="mailto:daniel.victoria@gmail.com">daniel.victoria@gmail.com</a>> ha scritto:</div><br class="Apple-interchange-newline"><blockquote type="cite"><div dir="ltr"><div><div>Francesco,<br><br></div>I believe the site certificate is OK. At least the only security complain I get when I load the site is that some images were loaded through an insecure connection. The public address of the site is <a href="http://www.paisagenslidar.cnptia.embrapa.br/">www.paisagenslidar.cnptia.embrapa.br</a><br><br>baseurl is set to <a href="https://www.paisagenslidar.cnptia.embrapa.br/">https://www.paisagenslidar.cnptia.embrapa.br/</a><br><br></div>One thing I noticed is that I'm getting the same error when I try to upload a layer. Geonode will show me the error in the layer upload page. But the layer gets registered in GeoServer...<br><br><span><Capturar.PNG></span><br></div><div class="gmail_extra"><br><div class="gmail_quote">On Tue, Jun 28, 2016 at 2:22 PM, Francesco Bartoli <span dir="ltr"><<a href="mailto:xbartolone@gmail.com" target="_blank">xbartolone@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div style="word-wrap:break-word">Daniel,<div><br></div><div>I took a look at you apache log file and the message is an hostname mismatching so I presume that’s something wrong in the subject of the certificate. Are you sure that your servername is the hostname used for the subject? And what did you set as baseurl?</div><span class="HOEnZb"><font color="#888888"><div><br></div><div>F.</div></font></span><div><div class="h5"> <br><div><div>Il giorno 28/giu/2016, alle ore 18:33, Daniel Victoria <<a href="mailto:daniel.victoria@gmail.com" target="_blank">daniel.victoria@gmail.com</a>> ha scritto:</div><br><blockquote type="cite"><div dir="ltr"><div><div>Hi Francesco,<br><br>Thanks for the help. Just to clarify, what should I place in /usr/share/geoserver/data/security/auth/geonodeAuthProvider/config.xml?<br><BaseUrl> was set to <a href="http://localhost/" target="_blank">http://localhost/</a>. I changed to my site URL, restarted tomcat7 & apache, but it did not change anything.<span style="line-height:25.2px;white-space:pre-wrap"><br><br></span></div><span style="line-height:25.2px;white-space:pre-wrap">Cheers<br></span></div><span style="line-height:25.2px;white-space:pre-wrap">Daniel<br></span></div><div class="gmail_extra"><br><div class="gmail_quote">On Tue, Jun 28, 2016 at 1:00 PM, Francesco Bartoli <span dir="ltr"><<a href="mailto:xbartolone@gmail.com" target="_blank">xbartolone@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div style="word-wrap:break-word">Hi Daniel,<div><br></div><div>the SSL configuration is due just on the geonode virtual host of Apache web server where GeoServer is proxy passed. So nothing special than a standard SSL apache configuration. Actually GeoServer with the release 2.4 is deployed under Tomcat 7 so you should have a look there.</div><div><br></div><div>For instance to configure the geonode base url you can edit this file in ubuntu:</div><div><span style="line-height:25.2px;white-space:pre-wrap">/usr/share/geoserver/data/security/auth/geonodeAuthProvider/config.xml</span></div><span><font color="#888888"><div><br></div><div>Francesco</div></font></span><div><div> </div><div><div><div>Il giorno 28/giu/2016, alle ore 17:20, Daniel Victoria <<a href="mailto:daniel.victoria@gmail.com" target="_blank">daniel.victoria@gmail.com</a>> ha scritto:</div><br><blockquote type="cite"><div dir="ltr"><div><div><div><div>So, we've not been able to sort out this problem with a certificate that is not matching our site. And since the guys that keep the network running here do not know much about geonode/geoserver, we are a bit lost. Are there any special configurations needed in order for GeoNode to play nice with SSL certificates?<br></div>We found this doc online<br><br><a href="http://docs.geonode.org/en/master/tutorials/advanced/geonode_production/ssl.html" target="_blank">http://docs.geonode.org/en/master/tutorials/advanced/geonode_production/ssl.html</a><br></div><br>But it mentions Tomcat6 and some directories that are not present in my GeoNode install, like <code>/var/lib/tomcat6/webapps/geoserver/WEB-INF/web.xml<br><br></code></div>I'm running geonode 2.4 in Ubuntu 14.04, installed using the apt-get command<code>.<br></code></div>My site uses a SSL certificate from Let's Encrypt<br><br>Thanks<br>Daniel<code><span></span></code><br><code><span></span></code></div><div class="gmail_extra"><br><div class="gmail_quote">On Wed, Jun 22, 2016 at 8:54 AM, Daniel Victoria <span dir="ltr"><<a href="mailto:daniel.victoria@gmail.com" target="_blank">daniel.victoria@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr"><div><div>Just an update. I checked the same thing on an internal test server that I have (that I believe does not uses https) and I don't get the server error. So it's probably the hostname mismatch thing that is preventing me to change the layer style. Will talk to the network guys and hope they know how to fix it.<br><br></div>cheers<span><font color="#888888"><br></font></span></div><span><font color="#888888">Daniel<br></font></span></div><div><div class="gmail_extra"><br><div class="gmail_quote">On Wed, Jun 22, 2016 at 8:34 AM, Daniel Victoria <span dir="ltr"><<a href="mailto:daniel.victoria@gmail.com" target="_blank">daniel.victoria@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr"><div><div><div><div>Hi Simone,<br><br></div>Thanks for the tip. Looking at the apache2.log it appears that it's some problem with a cerificateHostnameMismatch. Am I reading the log correct? I'll talk to the people that maintains out network and see about this certificate.<br><br></div>On the same topic, in local_setting.py what should I put in SITEURL. The actual name of my virtual machine (some funny thing like dmzv014)? Or the name it's known in the internet (<a href="https://www.some.pretty.name.here/" target="_blank">https://www.some.pretty.name.here</a>)<br><br></div>Thanks<span><font color="#888888"><br></font></span></div><span><font color="#888888">Daniel<br><div><br></div></font></span></div><div><div class="gmail_extra"><br><div class="gmail_quote">On Wed, Jun 22, 2016 at 6:41 AM, Simone Dalmasso <span dir="ltr"><<a href="mailto:simone.dalmasso@gmail.com" target="_blank">simone.dalmasso@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">Hi, take a look at the apache logs when the 500 error code appears, they should tell you more.<div class="gmail_extra"><br><div class="gmail_quote"><div>2016-06-21 20:12 GMT+02:00 Daniel Victoria <span dir="ltr"><<a href="mailto:daniel.victoria@gmail.com" target="_blank">daniel.victoria@gmail.com</a>></span>:<br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div><div dir="ltr"><div><div><div><div><div>Hi list,<br><br></div>I have a GeoNode instance running on Ubuntu, installed via apt-get.Everything appears to be working fine however, when I try to change a layer style, I get the error:<span> "There was an error saving the style back to the server.</span>"<br><br></div>Looking at the development console, I see that when I try to alter the layer style there are 2 PUT calls to the server. The first one fails with error 500 Internal server error. This is the call that's sending the SLD to the server. The second one returns 200 OK and it's sending the a JSON {"layer":{"defaultStyle":{"name":"estados"},"styles":{},"enabled":true}}<br><br></div>I'm trying to debug this error but can't find what is going on. I'm running behind a proxy server. Could this be a security setting? Is it normal that one PUT call fails and the other works?<br><br></div>Thanks<span><font color="#888888"><br></font></span></div><span><font color="#888888">Daniel<br></font></span></div>
<br></div>_______________________________________________<br>
geonode-users mailing list<br>
<a href="mailto:geonode-users@lists.osgeo.org" target="_blank">geonode-users@lists.osgeo.org</a><br>
<a href="http://lists.osgeo.org/mailman/listinfo/geonode-users" rel="noreferrer" target="_blank">http://lists.osgeo.org/mailman/listinfo/geonode-users</a><br>
<br></blockquote></div><span><font color="#888888"><br><br clear="all"><div><br></div>-- <br><div data-smartmail="gmail_signature">Simone </div>
</font></span></div></div>
</blockquote></div><br></div>
</div></blockquote></div><br></div>
</div></blockquote></div><br></div>
_______________________________________________<br>geonode-users mailing list<br><a href="mailto:geonode-users@lists.osgeo.org" target="_blank">geonode-users@lists.osgeo.org</a><br><a href="http://lists.osgeo.org/mailman/listinfo/geonode-users" target="_blank">http://lists.osgeo.org/mailman/listinfo/geonode-users</a><br></blockquote></div><br></div></div></div></blockquote></div><br></div>
</blockquote></div><br></div></div></div></blockquote></div><br></div>
</blockquote></div><br></div></body></html>